Trust and Reputation via Trust Registries

by | Aug 23, 2022 | Digital Identity, Digital Wallet, Trust Registries

“Who can be trusted to establish, sustain, and approve registry members?”

There are many potential answers to this question, and it’s essential to consider when determining who will be responsible for creating, maintaining, and validating the registry. Managing Trust and Reputation via Trust Registries will be necessary for the future evolution of online ecosystems.

To create trust between members of an ecosystem, one of the most critical functions is confirming that a particular entity is a member of the ecosystem and therefore bound by its governance framework’s terms and accountability requirements. Trust Registries (or Trust Hubs) fulfill this role. They can be implemented in many ways, from traditional centralized directory services to federated registries to fully decentralized ledgers. All of them can function as credential registries. Self-Sovereign Identity – Alex Preukschat and Drummond Reed.

Managing Trust and Reputation digitally

An Issuer creates every credential – so knowing how that Issuer’s authority is established is crucial. Otherwise, a crafty teenager will create a DMV that issues driver’s licences that “look real” (i.e. the Credentials validate cryptographically and have data that make sense). Further, they may even create a fake website that fools folks. But with the concept of a Trust Registry, their efforts would fail.

We’ll get to a more detailed description of a Trust Registry. Still, in this case, all a law enforcement officer’s Digital Wallet needs to know is the list of official DIDs from each province/state/federal authority it recognizes.  In other words, a concise list that doesn’t change.

To get lists of the Issuers (e.g. the actual DMV), a Wallet will need to be aware of the concept of Trust Registries (aka Trust Hubs).

  • The concept behind a Trust Registry is that a Wallet needs to know which decentralized identifiers (DIDs) to “trust” as a source of truth. At many levels, this “trust” translates to “authority” – knowing that somebody, centralized or decentralized, is responsible for maintaining a list of trusted DIDs.

A Wallet will need to know which Registries are to be trusted. Therefore, over time the community will need to have Trust Registries anchored by various means:

  • Legislative Authority. Many Vital Statistics and other government Issuers. They are authoritative due to their legislative authority. Examples of these include issuers of driver’s licences, hunting permits, building permits, passports, etc.
  • Community Authority. Some Trust Hubs will be created by communities, associations, etc., that exist through either a formal (similar to legislative) or de facto authority. Examples include a registry of licenced doctors; a registry of banks and credit unions; industry associations, local business improvement areas/chambers of commerce; etc.
  • Informal Authority. A Trust Hub should be able to exist with no formal authority. For example, we can imagine consolidated reputations (E.g. Uber & Lyft combined; Yelp and TripAdvisor) that allow someone to aggregate reputation across platforms. It likely derives its authority from the larger community that “lends” its reputation to them.

Web of Trust

A Wallet’s Owner(s) needs to know that their Wallet is using the correct list of Trusted Issuers. Therefore a Wallet needs to be able to “explain” how it created the levels of Trust – and what anchored these trust levels. We can imagine the following chain of actions when we, as a homeowner, receive a bid folder from a renovation contractor:

  • We check our contractor’s business licence, which is anchored back to the province/state corporate registry.
  • We check their insurance certificate against a list of Issuers on a nationally maintained list of insurance companies – a trust registry. That list is anchored back to various province/state/federal registries that are the “source of truth” for insurance company establishment – another trust registry.
  • We check the training status of all of the company’s workers as they arrive to know that they have all the required certificates and training for the jobs that they are doing.
  • We check with the city to ensure our contractor is licensed to operate. The municipality maintains a trust registry of businesses. We back-check the city licence bureau against their master list of Issuer DIDs. The city has a master DID that signed that registry, pointing back to its legislative source of authority and the master list of municipalities for that province/state.
Sovrin Web of Trust ModelThe decentralized, non-hierarchical trust model defined by the Sovrin Governance Framework that combines a cryptographic trust layer achieved using the Sovrin Ledger, Agents and Connections with a human trust layer achieved via Credential Exchange. The Sovrin Web of Trust Model does not rely on a single root of trust, but empowers any Sovrin Entity to serve as a root of trust and enables all Sovrin Entities to participate in any number of interwoven Trust Communities, either informally or as defined by Domain-Specific Governance Frameworks. See the Sovrin Web of Trust Model white paper. 
Sovrin Glossary

That sounds like a lot of work, doesn’t it? Here’s the thing – we don’t have to do any of this ourselves. Our Digital Wallet should do this for us.

STORY: A Home Renovation…

Let’s imagine a home renovation project with three main groups to think about: 

  • Homeowner
  • Contractor 
  • City Inspector

Trust Hubs and Trust Registries allow us to know that the various shared credentials (e.g. proof of insurance) are real. A Homeowner can ask their Digital Wallet to verify an insurance Credential that the Contractor is real. Their Digital Wallet needs to prove a few things:

  • That the Contractor was the entity to which the Insurer (the Issuer) gave the Credential. Done inside the Contractor’s Digital Wallet – it uses cryptography to prove that they still control the insurance Credential. 
  • That the Insurer cryptographically signed the Credential. This allows the Homeowner to know that the information wasn’t tampered with.
  • That the Insurer is a bona fide insurance company. There will need to be a Trust Hub that lists insurers for a particular area for this to happen.

All of the above can be done in just a few seconds, and other checks can be made simultaneously. Each party involved has their own pieces of information that they need to verify.

  • Homeowner wants to know that they have the proper permits and licences for the job and that their contractor and employees are fully licensed, insured, and up to scratch.
  • Contractor wants to know that the Homeowner has the proper permits, licence, inspections and insurance.
  • City Inspector wants to know that the Homeowner and Contractor have the required permits, training, and other paperwork. 

Paper-based approaches to verifying the above take long enough that few Homeowners ever do the checks they should. Our Digital Wallets can get all of them done in seconds – even while we are greeting each other.

Trust Registries are essential for managing trust and reputation in online communities. If you are interested in learning beyond the basics of the v1.0 Trust Registry specifications, join us for our next webinar on September 21, 2022, at 10:00 am EST.

We will discuss the requirements for implementing a Trust Registry and provide an overview of the landscape. So whether you are just getting started with Trust Registries or are already familiar with the basics, this webinar will be an excellent opportunity to learn more about this critical topic. View Recording.

​Visit our blogfollow us on social media, and subscribe to our newsletter to stay up-to-date and learn more.